1. Field of the Invention
The present invention relates to a security procedure for use with a Universal Mobile Telephone Service (UMTS), the security procedure being performed in response to a detection of a communication failure between a Mobile Station (MS) and a Radio Network Controller (RNC) related to security such as a failure of an integrity check or a ciphering failure.
2. Description of the Related Art
A Universal Mobile Telephone Service (UMTS) is a network platform for a third-generation mobile communication system which aims to deliver seamless services for a subscriber and is usable across many networks. In general, the UMTS system includes a Core Network (CN) connected to a plurality of Universal Radio Access Networks (URANs). The CN comprises two parts: a first part adapted for circuit switch traffic (e.g. a Mobile Switching Center (MSC) and Visiting Location Register (VLR)) and a second part adapted for packet switch traffic (e.g. a Serving GPRS Support Node (SGSN)). Each URAN provides radio coverage over a prescribed geographical area referred to as a URAN Area (URA). To provide this coverage, each URAN includes a Radio Network Controller (RNC) which controls at least one Base Station (BS). The RNC is interconnected with other RNCs to perform switching operations and mobility management. The CN is connectable to all other types of networks to provide the subscriber with seamless services.
The movement of an MS from one URA (called an old URA) to a new URA initiates a URA update performed by the RNC of the new URA so that the MS can be reached when required. It is in the interest of the network operator to ensure that the MS initiating the URA update is a valid user. The validation involves the RNC performing an integrity check which is an authentication of the packet transmission between the RNC and the MS.
Each MS (which is also referred to as UMTS Equipment (UE)) includes a Subscriber Identity Module (SIM) card containing databases and executable files. The SIM card contains in its databases an International Mobile Subscriber Identity (IMSI), location information pertaining to the present location of the MS, an integrity key IK, and other security and administrative information. The location information is updated on the SIM card after each call termination, when the handset is properly deactivated, and when the MS moves from one URA to another. The location information includes a temporary anonymous identification used within each URA which may be known as the Temporary Mobile Subscriber Identity (TMSI), Packet TMSI (PTMSI), or Radio Network Temporary Identification (RNTI). The TMSI or other temporary identification is used as a security measure to provide an anonymous identity instead of using the IMSI which identifies the specific MS. As a further security measure, the communications between the MS and the URAN are encrypted using an encryption key. The encryption key is usually a ciphering key CK which is stored in an Authentication Center (AuC) or a Home Location Register (HLR).
The prior art integrity check in a UMTS System will now be described with reference to FIG. 5. The integrity check is initiated when the MS initiates the establishment of a Radio Resource Connection (RRC) by sending a COUNT parameter to the RNC, step 1. The COUNT is a time dependent value that is incremented at both sides of the radio link every 10 ms. A user stores the last used COUNT parameter and increments it by one to ensure that no COUNT value is reused (by the network) with the same integrity key IK.
The RNC stores the received COUNT parameter, step 2. The MS then transmits an Initial L3 Message such, for example, as a Location update request, a Communications Management (CM) service request, or a Routing Area Update Request to the relevant CN, step 3. The Initial L3 Message will contain relevant mobility management (MM) information, MS identity using, for example, a temporary identification as described above, an MS classmark IE, which includes information on the UMTS Integrity Algorithms (UIAs) and the UMTS Encryption Algorithms (UEAs) supported by the MS, and a Key Set Identifier (KSI) which is the number allocated by the CN at the last authentication for this CN domain.
After the MS has transferred all this information, an authentication of the packet and generation of new security keys such as the integrity key IK and the ciphering key CK may be performed, step 4. A new KSI will then also be allocated. Therefore the authentication procedure is used to change IK and CK, in addition to authenticate the information packet transmitted by the user.
To perform the packet authentication, the CN selects UIAs and UEAs that are allowed to be used. The CN initiates the integrity check (and possible also a ciphering update) by sending a RANAP message xe2x80x9cSecurity Mode Commandxe2x80x9d to the RNC, step 6. This message includes the allowed UIAs and the IK to be used. It may also contain the allowed UEAs and the CK to be used if a ciphering update is required. This message also includes the UE classmark IE which is transmitted transparently to the MS through the RNC.
The RNC determines which of the allowed UIAs and UEAs to use, generates a random value FRESH and initiates the downlink integrity protection, step 7. The RNC then generates the RRC message xe2x80x9cSecurity Control Commandxe2x80x9d including a random challenge RAND and an authentication token for network authentication AUTN. This message also includes the UE classmark IE, the UIA and the random value FRESH. The UEA to be used and additional information related to start of ciphering may also be included if a ciphering update is being performed. At this point there are two CNs, each with its own IK. Accordingly, the network must indicate which IK to use. This is accomplished by including a CN type indicator information in the xe2x80x9cSecurity Control Commandxe2x80x9d message. Before sending the xe2x80x9cSecurity Control Commandxe2x80x9d message to the MS, the RNC generates a MAC-I (Message Authentication Code for Integrity) and attaches this information to the message.
Upon receiving the xe2x80x9cSecurity Control Commandxe2x80x9d message including the RAND AUTN with the MAC-I, the MS verifies that the UE classmark IE received from the RNC is equal to the UE classmark IE sent in the initial L3 message and then computes a XMAC-I based on the message received by using the indicated UIA, the stored COUNT and the received FRESH parameter. The UE then verifies the data integrity of the message by comparing the received MAC-I with the generated XMAC-I, step 9.
If step 9 is successful, the MS computes a xe2x80x9cSecurity Control Responsexe2x80x9d (RES) of the RRC message and generates a second MAC-I for this message. The MS then transmits the xe2x80x9cSecurity Control Responsexe2x80x9d with the second MAC-I to the RNC, step 10.
Upon receipt of the RES message, the RNC computes a second XMAC-I based on the RES as an input to the UIA. The RNC then verifies the data integrity of the message by comparing the received second MAC-I with the generated second XMAC-I, step 11. When the data integrity is verified at step 11, the RNC transmits a RANAP xe2x80x9cSecurity Mode Completexe2x80x9d message to the CN to end the integrity procedure, step 12.
The xe2x80x9cSecurity Mode Commandxe2x80x9d in step 6 to MS starts the downlink integrity protection, i.e. all following messages sent to the MS are integrity protected. The xe2x80x9cSecurity Control Responsexe2x80x9d transmitted by the MS starts the uplink Integrity protection, i.e. all following messages sent from the MS are integrity protected.
If a communication failure occurs because the above described integrity check fails or because the deciphering fails, the RNC does not know what to do (as it can not perform the authentication procedure of the MS) and the MS will be disconnected. One of the reasons this may occur is that the ciphering key CK or the integrity key IK of a valid MS does not match the ciphering key or integrity key IK stored in the RNC. This situation also presents itself if a radio link is disrupted and restarted in which case the RNC or the MS, for security reasons, is prevented from communicating with the old ciphering key CK or integrity key IK. Since the MS is not automatically updated in this case, there is a mismatch. It is important to note that if the RNC merely releases the connection in case of (repeated) integrity check failures, a malicious user could cause a dropped connection of a valid user by sending a false packet. Accordingly, a security procedure is required for use with UMTS so that a valid MS may access the system in the above situations.
It is an object of the present invention to provide a security procedure for use with a Universal Mobile Telephone Service (UMTS) for triggering the authentication of a Mobile Station (MS) and/or the generation of a new integrity key (IK) and/or a new ciphering key (CK) by the Core Network (CN) in response to a communication failure detected by a Radio Network Controller (RNC) of a Universal Radio Access Network (URAN).
This object is achieved by a security procedure for use with a UMTS communication system having a Core Network (CN) connected to a plurality of URANs respectively providing radio coverage over URAN Areas (URAs). Each of the plural URANs has an RNC and a Base Station (BS). The security procedure is initiated when the RNC detects a communication failure between an MS and the RNC. The RNC then determines whether the detected communication failure requires MS authentication. If authentication is required, the CN performs an authentication procedure between the CN and the MS to authenticate the MS and optionally changes the integrity key IK and the ciphering key CK.
The object is also achieved by a security procedure for use with a UMTS communication system having a CN connected to a plurality of URANs respectively providing radio coverage over URAs. Each of the plural URANs has a RNC and a BS. The security procedure comprises the steps of detecting, by an RNC, of a communication failure between an MS and the RNC. The RNC then transmits a request to the CN to perform an authentication of the MS. The request preferably contains a cause parameter describing the failure (i.e., xe2x80x9cintegrity check failurexe2x80x9d). The CN performs the authentication of the MS after the CN receives the request from the RNC.
If the authentication of the MS fails, the CN indicates it to the RNC. If the authentication succeeds, the CN indicates the new security parameters to the RNC, for example, using the xe2x80x9cSecurity Mode Commandxe2x80x9d message. Further, the CN may use the authentication procedure to modify other security parameters. For example, in response to an xe2x80x9cintegrity check failxe2x80x9d, the CN may modify the UMTS Integrity Algorithm (UIA).
The various features of novelty which characterize the invention are pointed out with particularity in the claims annexed to and forming a part of the disclosure. For a better understanding of the invention, its operating advantages, and specific objects attained by its use, reference should be had to the drawing and descriptive matter in which there are illustrated and described preferred embodiments of the invention.